Re: SOX Question

From: Jared Still <>
Date: Tue, 2 Jun 2009 13:05:10 -0700
Message-ID: <>

On Tue, Jun 2, 2009 at 12:44 PM, Tim Gorman <> wrote:

> Authenticate, authorize, and audit: it strikes me that if a change
> management system can do those three things reliably and securely, you can't
> be too far off. Lack of separation of duties might still get dinged in a
> SOX audit, but its something the organization can probably negotiate.

Change management is as much about recording what happened, and who did it as it is about authorizing changes.

As has been stated and implied, SOX is nebulous and is really a set of standards
negotiated with your SOX Auditors.

The bottom line on that is that it must be something the CEO/CFO, and/or possibly
others are willing to sign off on. While the SOX standard is nebulous, the penalties are not.


Received on Tue Jun 02 2009 - 15:05:10 CDT

Original text of this message